The leak came almost exactly one year after the Cambridge Analytica scandal. It was revealed that the political consulting firm had harvested user data from millions of Facebook profiles without user consent for the purposes of political advertising.
Later in April, Facebook admitted there had been another leak. In this case, however, no hackers were involved. Instead, Facebook had unintentionally made public more than a million user emails.
These two leaks show the scale of information that large corporations like Facebook are working with — and how easy it can be for a simple mistake in data management to turn into a huge privacy issue for millions of people.
The hacker also accessed more than 100,000 Social Security numbers, 80,000 bank accounts and several addresses, credit scores and balances that Capital One declined to disclose. The infiltrator was considering distributing the Social Security numbers publicly, according to the FBI agent who investigated her.
The hacker was discovered when she posted the stolen information on the software development platform GitHub, along with her full first, middle and last name.
Capital One did note that 99% of Social Security numbers were not compromised. This probably wasn't much comfort to those whose information was accessed by the hacker — especially if they know how easily exposed information and cyberattacks can cause problems with identity theft and other forms of fraud.
3. The Canva Hack
The information of more than 139 million users was exposed in May when a hacker broke into the servers of the graphic design website Canva.
Usernames, passwords and other information — which was encrypted — were accessed by the hacker. Credit card numbers and user designs were not exposed, according to Canva.
4. The Quest Diagnostics Breach
2019 was a record-setting year for health care data breaches. One of the largest was the Quest Diagnostics attack, which saw the information of more than 12 million patients exposed to a user who had unauthorized network access.
The user gained access through the network of a third-party vendor in August of last year, and had maintained access until this March.
According to Quest Diagnostics, the user had access to patients' medical information, certain financial data and some Social Security numbers.
5. The DoorDash Hack
In May, DoorDash confirmed that an unauthorized third party had gained access to data from more than 4.9 million users. Information that was accessed included profile names, email addresses, delivery addresses, order history and phone numbers. Encrypted passwords were also obtained, but wouldn't be decipherable by the third party.
DoorDash also confirmed that the last four digits of some users' credit card numbers were exposed, but that no CVVs or full card numbers were compromised.
It took DoorDash five months to learn about and report the unauthorized access.
The Biggest Cyberattacks of 2019
2019 mostly demonstrated how easy it is for data to become compromised. When companies rely on third parties, they need to make sure their own massive systems are secure while also making sure the businesses they work with are also implementing good security practices.
The different kinds of companies that suffered data breaches also showed the variety of information that can end up in the wrong hands — anything from diagnoses to financial information can be at risk.
Right now, there isn't a great deal consumers can do except continue to practice good cybersecurity in their own lives, pay attention to the latest news and pressure companies to adopt policies that better defend their data.
About Kayla Matthews
Kayla Matthews writes about data centers and big data for several industry publications, including The Data Center Journal, Data Center Frontier and insideBIGDATA. To read more posts from Kayla, you can follower her personal tech blog at ProductivityBytes.com.